5/9/2023
Ccleaner cloud 1.07.3191

The free computer maintenance app CCleaner, distributed by Avast subsidiary Piriform, may have exposed more than 2 million computers to a multistage malware payload that, if exploited, could have allowed the computers to be controlled remotely.

Cisco's Talos threat intelligence group believes the malware was most likely added by an outside actor, but the researchers did not rule out the possibility that the maneuver was an inside job. Avast acquired Piriform in July and folded the company into Avast's consumer business unit, retaining the CCleaner brand.

Piriform Vice President Paul Yung said the issue was first noticed on September 12, when an unknown IP address began receiving data from the affected versions of CCleaner and CCleaner Cloud on 32-bit Windows systems. Further research discovered that these versions of the app had been illegally modified before being released to the public: an as yet unknown party had inserted a two-stage backdoor capable of remote code execution.

"Piriform is unable to speculate on the intent of the attack as the company is still working with U.S. law enforcement on the investigation," a company spokesperson told SC Media.

CCleaner has been downloaded more than 2 billion times, according to a November 2016 press release, and the company is recommending that all its users update to the latest version, 5.34.

"We would like to apologize for a security incident that we have recently found in CCleaner version and CCleaner Cloud version," Yung said, adding, "the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we're moving all existing CCleaner v users to the latest version."

The corrupted version of CCleaner was being distributed from CCleaner's own download server, signed with a valid certificate, as of September 11, 2017, Cisco Talos researchers said. The suspicious code was hidden in the application's initialization code, the C runtime (CRT) startup code that is normally inserted during compilation by the compiler, Piriform said.

Talos in its investigation also found a compilation artifact (S:) within CCleaner's binary that it believes points to how the malware found its way into the software.

"Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization," Talos researchers wrote.

Talos did not rule out the possibility that the malware was the work of an insider. "It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code," it said.

Piriform said the malware also began collecting data on the affected system:

- List of installed software, including Windows updates.
- MAC addresses of the first three network adapters.
- Additional information such as whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

Piriform said that while the data was collected, it does not appear to have been sent anywhere. The malware allowed an infected system to be remotely controlled and data to be collected from the computer.

Cyber industry executives noted that these attackers once again used a trusted software vendor to spread their malware, just as NotPetya was spread to companies using M.E.

"This is an example of a software supply-chain attack, where an otherwise trusted software vendor gets compromised and the update mechanism of the programs they distribute is leveraged to distribute malware. This is sort of a holy grail for malware authors because they can efficiently distribute their malware, hide it in a trusted channel, and reach a potentially large number of users," said Marco Cova, senior security researcher at Lastline.
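The practical follow-up to this story is finding which hosts still carry a CCleaner build that Piriform told users to replace. The PowerShell below is an added triage example written for this page; it is not code from the article, Piriform, Talos or SC Media. It assumes that any CCleaner.exe with a file version below 5.34 (the version Piriform directed users to) should be flagged, that the install roots under Program Files are where the binary lives, and that the 32-bit nature of the affected builds is worth recording, so it reads the PE header's Machine field. The function and variable names are the example's own.

```powershell
# Added example (not from the article, Piriform or Talos): find installed CCleaner
# binaries, record their file version, signature status and PE architecture, and
# flag builds older than 5.34, the version Piriform told users to move to.
# Assumptions: install roots below are where CCleaner.exe lives; "older than 5.34"
# is the trigger for review. Adjust $SearchRoots for your estate.

$SafeVersion = [version]'5.34'
$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-PeMachine {
    # Returns 'x86', 'x64' or 'other' from the PE header's Machine field.
    # The tampered builds in the article were reported on 32-bit Windows, so
    # the architecture is worth recording alongside the version.
    param([Parameter(Mandatory)][string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $dos = New-Object byte[] 0x40
        if ($fs.Read($dos, 0, 0x40) -lt 0x40 -or $dos[0] -ne 0x4D -or $dos[1] -ne 0x5A) { return 'other' }
        $peOffset = [BitConverter]::ToInt32($dos, 0x3C)          # e_lfanew
        [void]$fs.Seek($peOffset, [System.IO.SeekOrigin]::Begin)
        $pe = New-Object byte[] 6                                 # "PE\0\0" + Machine
        if ($fs.Read($pe, 0, 6) -lt 6 -or $pe[0] -ne 0x50 -or $pe[1] -ne 0x45) { return 'other' }
        $machine = [BitConverter]::ToUInt16($pe, 4)
    } finally {
        $fs.Dispose()
    }
    switch ($machine) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'other' }
    }
}

function Get-CCleanerTriage {
    Get-ChildItem -Path $SearchRoots -Filter 'CCleaner*.exe' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # FileVersion comes from the version resource and may be written with commas
            # ("5, 34, 0, 6207"); normalise before parsing. Unparseable versions are flagged.
            $raw = $_.VersionInfo.FileVersion
            $parsed = $null
            [void][version]::TryParse(($raw -replace '[ ,]+', '.'), [ref]$parsed)

            # A 'Valid' Authenticode status does NOT clear the file: Talos reported the
            # tampered build was signed with the vendor's own valid certificate.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $raw
                Machine     = Get-PeMachine -Path $_.FullName
                Signature   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
                NeedsUpdate = ($null -eq $parsed) -or ($parsed -lt $SafeVersion)
            }
        }
}

Get-CCleanerTriage | Format-Table -AutoSize
```

Run it in an elevated session so Program Files is fully readable, and push it through your usual remoting or EDR script channel to cover a fleet. Note the limit of a version check: it finds builds the vendor has asked users to replace, but a binary tampered with at the same version number looks identical here, so confirmation still rests on comparing file hashes against values the vendor publishes and on network telemetry for the unexpected outbound connections the article describes.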